1 Application and experimental evaluation of state space reduction methods for 
deadlock analysis in Ada 
S. Duri, U. Buy, R. Devarapalli, S. M. Shatz 

October 1994 ACM Transactions on Software Engineering and Methodology 
(TOSEM), Volume 3 Issue 4 

Full text available: pdf (3.08 MB)

An emerging challenge for software engineering is the development of the methods 
and tools to aid design and analysis of concurrent and distributed software. Over 
the past few years, a number of analysis methods that focus on Ada tasking have 
been developed. Many of these methods are based on some form of reachability 
analysis, which has the advantage of being conceptually simple, but the 
disadvantage of being computationally expensive. We explore the effectiveness of 
various Petri net-base ... 

Keywords: Ada tasking, automatic analysis, concurrency analysis, deadlock 
detection, experimental evaluation, state space explosion 
Over the past few years, a number of research investigations have been initiated for 
static analysis of concurrent and distributed software. In this paper we report on 
experiments with various optimization techniques for reachability-based deadlock 
detection in Ada programs using Petri net models. Our experimental results show 
that various optimization techniques are mutually beneficial with respect to the 
Using shape analysis to reduce finite-state models of concurrent Java 

programs 

James C. Corbett 

January 2000 ACM Transactions on Software Engineering and Methodology 

(TOSEM), Volume 9 Issue 1 
Full text available: pdf (284.92 KB)

Finite-state verification (e.g., model checking) provides a powerful means to detect 
concurrency errors, which are often subtle and difficult to reproduce. Nevertheless, 
widespread use of this technology by developers is unlikely until tools provide 
automated support for extracting the required finite-state models directly from 
program source. Unfortunately, the dynamic features of modern languages such as 
Java complicate the construction of compact finite-state models for verification. I ... 

Keywords: Java, concurrent systems, finite-state verification, model extraction, 
modeling, shape analysis, state-space reductions 

4 Computing bounds on steady state availability of repairable computer systems 
John C. S. Lui, Richard R. Muntz 

Full text available: pdf (1.85 MB)

One of the most important performance measures for computer system designers is 
system availability. Most often, Markov models are used in representing systems for 
dependability/availability analysis. Due to complex interactions between 
components and complex repair policies, the Markov model often has an irregular 
structure, and closed-form solutions are extremely difficult to obtain. Also, a 
realistic system model often has an unmanageably large state space and it quickly 
becomes impracti ... 

5 A state transition model for distributed query processing 
Stephane Lafortune, Eugene Wong 

August 1986 ACM Transactions on Database Systems (TODS), Volume 11 Issue 3 

Full text available: pdf (1.57 MB)

A state transition model for the optimization of query processing in a distributed 
database system is presented. The problem is parameterized by means of a state 
describing the amount of processing that has been performed at each site where 
the database is located. A state transition occurs each time a new join or semijoin is 
executed. Dynamic programming is used to compute recursively the costs of the 
states and the globally optimal solution, taking into account communication and 
local pr ... 
analysis of security protocols 

David Basin, Sebastian Modersheim, Luca Vigano 
October 2003 Proceedings of the 10th ACM conference on Computer and 
communications security 

Full text available: pdf (278.42 KB)

We introduce CDiff, a new technique for reducing search when model-checking 
security protocols. Our technique is based on eliminating certain kinds of 
redundancies that arise in the search space when using symbolic exploration 
methods, in particular methods that employ constraints to represent and 
manipulate possible messages from an active intruder. Formally, we prove that 
CDiff terminates and is correct and complete, in that it preserves the set of 
reachable states so that all state-based prop ... 

Keywords: constraints, partial-order reduction, protocol verification 

7 Analysis of real-time programs with simple time Petri nets 
Ugo Buy, Robert H. Sloan 

August 1994 Proceedings of the 1994 ACM SIGSOFT international symposium 

on Software testing and analysis 

Full text available: pdf (1.48 MB)

We present a first report on our PARTS toolset for the automated static analysis of 
real-time systems. The PARTS toolset is based upon a timed extension of Petri 
nets. Our simple time Petri nets or STP nets are specifically aimed at facilitating 
real-time analysis. Our analysis approach uses the state space of an STP net in 
order to answer queries about the concurrency and timing behavior of the 
corresponding system. An attractive feature of STP nets is that they ... 

8 Verifying hardware in its software context 

R. Kurshan, V. Levin, M. Minea, D. Peled, H. Yenigun 

November 1997 Proceedings of the 1997 IEEE/ACM international conference on 
Computer-aided design 

Full text available: pdf (155.83 KB)

We describe a method for verifying hardware whose correct behavior depends upon 
its software interface. It is presumed that the hardware is presented as a 
synchronous RTL model whereas the software is presented as an asynchronous 
abstraction. Our methodology incorporates partial order reduction on the software 
side, and localization reduction, to deal with the computational complexity of the 
verification. The partial order reduction is implemented as a constraint on the 
transition relation of a ... 

Keywords: verification, formal verification, model-checking, partial order 
reduction, localization reduction, co-verification, co-design, stepwise refinement 
February 1988 Proceedings of the 1988 ACM sixteenth annual conference on 
Computer science 

Full text available: pdf (999.58 KB)

It is shown that the behavior of timed Petri nets with deterministic firing times 
(D-timed nets) and with exponentially distributed random firing times (M-timed 
nets) can be described within one uniform formalism. Moreover, for both classes of 
nets the state spaces are homogeneous semi-Markov chains, the stationary 
probabilities of states and many performance measures can thus be obtained by 
standard techniques developed for analysis of Markov processes. Because of 
scarcity of nets as well ... 

10 Modeling methodology a: Hybrid dynamic systems: mode transition behavior in 
hybrid dynamic systems 
Pieter J. Mosterman 

December 2003 Proceedings of the 35th conference on Winter simulation: 

driving innovation 

Full text available: pdf (357.36 KB)

Physical system modeling benefits from the use of implicit equations because it is 
often an intuitive way to describe physical constraints and behaviors. To achieve 
efficient models, model abstraction may lead to idealized component behavior that 
switches between modes of operation (e.g., an electrical diode may be on or off) 
based on inequalities (e.g., voltage > 0). In an explicit representation, the 
combination of these local mode switches leads to a combinatorial explosion of the 
numbe ... 

11 Generation of multi-formalism state-space analysis tools 
Mauro Pezze, Michal Young 

May 1996 ACM SIGSOFT Software Engineering Notes , Proceedings of the 1996 
ACM SIGSOFT international symposium on Software testing and 
analysis, Volume 21 Issue 3 

Full text available: pdf (731.51 KB)

As software evolves from early architectural sketches to final code, a variety of 
representations are appropriate. Moreover, at most points in development, different 
portions of a software system are at different stages in development, and 
consequently in different representations. State-space analysis techniques 
(reachability analysis, model checking, simulation, etc.) have been developed for 
several representations of concurrent systems, but each tool or technique has 
typically been targeted t ... 

12 Context constraints for compositional reachability analysis 
Shing Chi Cheung, Jeff Kramer 

October 1996 ACM Transactions on Software Engineering and Methodology 

(TOSEM), Volume 5 Issue 4 
Full text available: pdf (635.04 KB)
Behavior analysis of complex distributed systems has led to the search for 
enhanced reachability analysis techniques which support modularity and which 
control the state explosion problem. While modularity has been achieved, state 
explosion is still a problem. Indeed, this problem may even be exacerbated, as a 
locally minimized subsystem may contain many states and transitions forbidden by 
its environment or context. Context constraints, specified as interface processes, 
are restrictions im ... 

Keywords: compositional techniques, concurrency, context constraints, distributed 
systems, labeled transition systems, reachability analysis, state space reduction, 
static analysis, validation 

13 A general state graph transformation framework for asynchronous synthesis 
Bill Lin, Chantal Ykman-Couvreur, Peter Vanbekbergen 

September 1994 Proceedings of the conference on European design automation 
14 Constructing compact models of concurrent Java programs 
James C. Corbett 

March 1998 ACM SIGSOFT Software Engineering Notes , Proceedings of the 

1998 ACM SIGSOFT international symposium on Software testing 

and analysis, Volume 23 Issue 2 

Full text available: pdf (1.06 MB)

Finite-state verification technology (e.g., model checking) provides a powerful 
means to detect concurrency errors, which are often subtle and difficult to 
reproduce. Nevertheless, widespread use of this technology by developers is 
unlikely until tools provide automated support for extracting the required 
finite-state models directly from program source. In this paper, we explore the 
extraction of compact concurrency models from Java code. In particular, we show 
how static pointer analysis, whic ... 

Keywords: finite-state verification, model extraction, static analysis 

15 An efficient state space generation for analysis of real-time systems 
Inhye Kang, Insup Lee 

May 1996 ACM SIGSOFT Software Engineering Notes , Proceedings of the 1996 
ACM SIGSOFT international symposium on Software testing and 
analysis, Volume 21 Issue 3 

Full text available: pdf (937.51 KB)

State explosion is a well-known problem that impedes analysis and testing based on 
state-space exploration. This problem is particularly serious in real-time systems 
because unbounded time values cause the state space to be infinite. In this paper, 
we present an algorithm that produces a compact representation of reachable state 
space of a real-time system. The algorithm yields a small state space, but still 
retains enough timing information for analysis. To avoid the state explosion which 
can b ... 

16 Using partial-order methods in the formal validation of industrial concurrent 
programs 

Patrice Godefroid, Doron Peled, Mark Staskauskas 

May 1996 ACM SIGSOFT Software Engineering Notes , Proceedings of the 1996 
ACM SIGSOFT international symposium on Software testing and 
analysis, Volume 21 Issue 3 

Full text available: pdf (886.31 KB)

We have developed a formal validation tool that has been used on several projects 
that are developing software for AT&T's 5ESS™ telephone switching 
system. The tool uses Holzmann's supertrace algorithm to check for errors such as 
deadlock and livelock in networks of communicating processes. The validator 
invariably finds subtle errors that were missed during thorough simulation and 
testing; however, the brute-force search it performs can result in extremely long 
runn ... 

17 State space reductions using stochastic well-formed net simplifications: an 
application to random polling systems 

S. Donatelli, G. Franceschinis 

18 Compositional verification of concurrent systems using Petri-net-based 
condensation rules 

Eric Y. T. Juan, Jeffrey J. P. Tsai, Tadao Murata 

September 1998 ACM Transactions on Programming Languages and Systems 

(TOPLAS), Volume 20 Issue 5 
Full text available: pdf (578.81 KB)

The state-explosion problem of formal verification has obstructed its application to 
large-scale software systems. In this article, we introduce a set of new 
condensation theories: IOT-failure equivalence, IOT-state equivalence, and 
firing-dependence theory to cope with this problem. Our condensation theories are 
much weaker than current theories used for the compositional verification of Petri 
nets. More significantly, our new condensation theories can eliminate the 
interleaved behaviors ... 

Keywords: Petri nets, boundedness, compositional verification, deadlock states, 
reachability analysis, reachability graphs, reachable markings 

19 Verification of Erlang programs using abstract interpretation and model 
checking 

September 1999 ACM SIGPLAN Notices , Proceedings of the fourth ACM 

SIGPLAN international conference on Functional 

programming, Volume 34 Issue 9 

Full text available: pdf (1.40 MB)

We present an approach for the verification of Erlang programs using abstract 
interpretation and model checking. In general model checking for temporal logics 
like LTL and Erlang programs is undecidable. Therefore we define a framework for 
abstract interpretations for a core fragment of Erlang. In this framework it is 
guaranteed that the abstract operational semantics preserves all paths of the 
standard operational semantics. We consider properties that have to hold on all 
paths of a system, I ... 

Keywords: Erlang, abstract interpretation, distributed system, model checking, 
verification 

20 Fast state verification 

Unique input/output (UIO) sequences are used for state verification and functional 
test in finite state machines. A UIO sequence for a state s distinguishes it from 
other states in the FSM. Current algorithms to compute UIO sequences are limited 
in their applicability to FSMs with binary input symbols such as those found in 
control applications. Execution times of traditional approaches are exponential in the 
number of FSM inputs. We develop a new heuristic algorithm to generate UIO seque ... 